Hi Daniel,

On 24/02/15 15:53, Daniel De Graaf wrote:
> This seems a reasonable solution if we don't want to change how the boot
> parameters are set up.
>
> Another alternative would be to change flask_enforcing/flask_enabled to
> a single "flask=" parameter with options:
>  disabled - revert to dummy (no XSM) policy, same as flask_enabled=0
>  develop/permissive - a missing or broken policy does not panic
>  enforce/enforcing/force - require policy to be loaded at boot time
>  late/load - bootloader policy is not used; later loadpolicy is enforcing
>
> The default would be "permissive" as in the existing hypervisor. This
> would be more flexible, but I'm not sure it is worth breaking existing
> command lines and changing documentation to implement.

This looks like a good solution; having flask_enforcing without flask_enable
doesn't make much sense.

Although I don't know what the policy is about Xen parameters. Maybe Ian
or Jan have an idea about it.

Regards,

-- 
Julien Grall